redcanaryco / surveyor

A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
MIT License

Update: remote-admin definition file #57

Closed pmichaudrc closed 1 year ago

pmichaudrc commented 2 years ago

Which category is the feature part of?

Use Cases

Proposal: Update the contents of the remote-admin definition file


pmichaudrc commented 2 years ago

Remote Manipulator System: (process_name:rutview.exe OR process_name:rutserv.exe) (digsig_publisher:"Ter-Osipov Aleksei Vladimirovich" OR product_name:"Remote Manipulator System") (domain:rmansys.ru OR domain:selcdn.ru)
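
The query above, evaluated over constructed process records, as an added example that is not part of the issue or of Surveyor's own code. It assumes the three parenthesised groups are ANDed and that a domain term also matches subdomains; the record layout and the `evaluate` and `matches` helpers are hypothetical.

```python
# Added example: applies the Remote Manipulator System criteria from the
# comment above to constructed records. Group ANDing and subdomain matching
# are assumptions; the record layout is hypothetical.
PROCESS_NAMES = {"rutview.exe", "rutserv.exe"}
PUBLISHER = "ter-osipov aleksei vladimirovich"
PRODUCT = "remote manipulator system"
DOMAINS = ("rmansys.ru", "selcdn.ru")


def _domain_hit(name):
    """True when name equals a listed domain or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in DOMAINS)


def evaluate(record):
    """Return per-group results so an analyst can see which clause failed."""
    return {
        "process": record.get("process_name", "").lower() in PROCESS_NAMES,
        "identity": (record.get("digsig_publisher", "").lower() == PUBLISHER
                     or record.get("product_name", "").lower() == PRODUCT),
        "network": any(_domain_hit(d) for d in record.get("domains", [])),
    }


def matches(record):
    """All three groups must hit (assumed AND between groups)."""
    return all(evaluate(record).values())


# Constructed sample records, not real telemetry.
SAMPLES = [
    {"host": "ws-01", "process_name": "rutserv.exe",
     "digsig_publisher": "Ter-Osipov Aleksei Vladimirovich",
     "product_name": "Remote Manipulator System", "domains": ["id.rmansys.ru"]},
    {"host": "ws-02", "process_name": "RUTVIEW.EXE", "digsig_publisher": "",
     "product_name": "Remote Manipulator System", "domains": ["cdn.selcdn.ru"]},
    {"host": "ws-03", "process_name": "rutserv.exe",
     "digsig_publisher": "Ter-Osipov Aleksei Vladimirovich", "domains": []},
    {"host": "ws-04", "process_name": "svchost.exe", "domains": ["notrmansys.ru"]},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["host"], matches(rec), evaluate(rec))
```

The ws-03 record shows a limit of the combined criteria: a signed copy that has made no connection to either domain passes the process and identity groups but is not returned.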